News and general opinion, often privacy, security or computer related, but could be about anything really, including religion, politics, the environment, business or audio books. "Never ascribe to malice, that which can be explained by incompetence." -- Napoleon Bonaparte

Thursday, December 22, 2005

File Sharing Dangers

Can you spot the errors in this article? Do you think everything it says is true?

IntroductionSo you have decided to join the ranks of other Internet users who share files. There is much for you to learn and understand. First understand there are many risks to what you are doing. Files you download from others can contain viruses and other nasty things. So be sure to have a good anti-virus application installed, certainly if you have a Windows-based system. Besides the risks of viruses and such, there are other risks, such as hackers and groups that monitor the internet. Understand that there are many unsafe ways to share files. Including but not limited to P2P, IRC, newsgroups and websites. There are also safe ways to share files as well.

For every connection to the internet there is assigned a unique number, called an IP address. There is no way to hide it, there is always a trail and plenty of ways to record and trace connections. There are methods of mucking up such trails and making it harder to match IP addresses. However they are usually very weak and offer little to no real protection from being traced.

Why share files?An easy enough question to answer and understand. So that you can distributed and download content freely without paying money for it. Not that it is ever truly free, there is the cost of network bandwidth and system resources, along with the power and internet access costs. Also it can be for social reasons, such as to gain friends and access content you normally would not think to or could not easily get to otherwise. For such reasons file-sharing is very popular with millions worldwide engaging in it.

ScamsThere are many bad people out there running scams, they offer access to networks and content, usually charging monthly or yearly rates for it. Granted there are legal services which do exist such as iTunes, eMusic and Audible. However there are also many scams, which upon being paid may give download access to a client, which a free and clean copy could be found elsewhere, usually at the original authors website. Such clients downloaded from the scam websites may be infected with viruses, dialers and other such nasty things. Nasty things like those with damage your system and misuse it, can even get you into trouble with the law. Such scams will lure people into unwittingly conducting content piracy, which they think is legal because they are paying for it. They will still get sued and can face time in jail, even if they were setup by a scam. Just because they were clueless does not make them safe. Anti piracy groups are usually totally heartless and courts usually will side with them if matters go that far, on the rare chance they cases make it to a jury trial, defendants are very likely to lose.

The LawBeyond what was stated elsewhere in this FAQ, there is not much more to say. Just that understanding your local laws is a good thing if you intend to do any file-sharing. Also that regardless of any such understanding, it is not unusual to be burned by your court system, even if you did not commit a crime.

Set Up and/or FramedSo you think that you have been set up and/or framed. However wrong that may be, you should know often file-sharers are very weak and vulnerable. No matter what the circumstances that lead to you getting into trouble with the law, you are most likely to lose. Sure if you are wealthy and manage to get a very good lawyer who has a good understanding of the law, given enough time and money you can fight the charges, possibly even eventually win the case, though you must also understand you still end up losing in what you have had to spend on lawyer fees and time. File-sharers tend not to be wealthy, so there is not much need to any further along these lines.

ClientsThere are many different file-sharing clients, which each offer different features and methods of networking users together. Most of which are unsafe and their users frequently tend to get into legal trouble for using them. Among the most dangerous are the P2P file-sharing clients, which usually allow direct insecure connections between file-sharers, all information concerning file-sharing is easily matched to IP addresses and file-sharers usually are left very open. A few such clients include but are not limited to LimeWire, BearShare, eMule, Morpheus, shareaza, directconnect and BitTorrent.

There are a few safe clients and methods for file-sharing, none of which connect to the internet directly. They go through overlay networks. Overlay networks are networks which exist on top of the internet. They use secure routed networking to route data between sources and destinations. They are general networks in that they are not designed specifically for file-sharing. Two such networks are tor and I2P. Tor is a very limited weak outproxy network that allows for simple web browsing and little else. So it doesn't do file-sharers much good to try abusing it. The other better developed network I2P, is more interesting and useful to file-sharers. Unlike tor it is robust and strong, but with extremely limited outproxying. Instead, members of the network have several safe options for sharing files, including serving them up on websites and with special file-sharing clients. Two such types of clients include certain Gnutella and BitTorrent clients, which have been modified to work on top of the I2P network. They offer safe file-sharing with decent speeds. Transfers and content shared using these modified clients are extremely hard to match to IP addresses, thus are safe enough for average file-sharing of most content.

Of course there are other far less safe but more lightweight and simple clients, which are safer than P2P clients. They use onion routing to make linking IP addresses to specific content hard. However they still link IP addresses directly to file-sharing, though not exposing which content the addresses were responsible for sharing.

SafetySo while sharing content through clients and networks, you should ask yourself is it safe for you to do so with the software and networking that you are using? Are you at risk and is it more than you are willing to handle?

Content and The SceneThere are many types of shared content, both legal and otherwise. Much of the more popular content is considered to be scene content. The scene is often considered as copyrighted music, movies, TV shows, software, warez and anyone sharing such content are usually tagged as pirates. Pirates which are caught, can and often are heavily fined, some may even end up spending time in jail, for the "crime" of illegal file-sharing. If you intend on sharing scene content, unsafe file-sharing is highly recommended against, it is highly risky and sooner or later you will be caught. While of course you are not encouraged to engage in illegal file-sharing by the author of this FAQ, laying out much of the facts the author knows concerning such matters is good for the FAQ's readers. For both law abiding file sharers and pirates alike.

Legal content, since illegal content was already briefly mentioned, next we will point out the less popular legal content, which should be safe to share no matter what methods and clients you use to do so. While sharing such content should be safe, it may not be allowed by your internet service provider and if certain methods are detected, some people have already lost their connections for using them. Worse more people in the future will likely also lose their connections over using file-sharing, even for use which is allowed by their local legal systems. So understand that using unsafe file-sharing can result in losing your internet connection, even if you were not breaking the law by doing so.

So just what is legal content? Legal content is the kind with licenses such as freeware, shareware, demos, trialware, public domain, GPL and LGPL. Homemade contents such as pictures, movies and personal documents are also considered legal, as long as they were originally shared by their authors and artists.

Security MeasuresSome file-sharers resort to taking security measures in the hopes of protecting themselves. Such measures include but are not limited to certain client settings, filter applications such as peergaurdian, protowall, both of which use IP block lists to blacklist IP addresses which are suspected to belong to bad peers. Also content filters which block content that is supposed to be bad, either fake, infected by viruses or something along those lines.

Most such measures are limited and weak at least when it comes to the unsafe file-sharing clients and networking. Yet they can help reduce but not totally eliminate exposure to such peers and content.

I2PJust to make some things clear concerning I2P. First it is not a file-sharing network and application. It is a general purpose network and application for freedom and privacy. No matter what is stated on the official website, forums and by developers, it is ready for large scale use, at the very least by people that are tech savvy. Which largely tends to fall into the age ranges of 30's and under.

That said, it is important to understand the risks of running it, the kind of networking and security it uses. However it is also important to realize that for the average internet user it is safe enough and provides more than enough security already to meet their needs. Just do not expect to use it as providing a haven for paedophiles and pedographic content, that the networks peers are very likely to gang up on anyone that does such things and attempt to turn your information over to the authorities. Note that the term attempt was used, because it is extremely hard to 100 percent prove a peer is the source for such content. Still the networks peers can certainly point authorities in the correct direction to a possible number of addresses they think the content provider may be from and for the authorities to start their investigation with. Though just know that peers are very unlikely to provide the authorities help against each other for other reasons. As many of them do not want to see the network become a haven for pedographic content and thus tarnish the network and projects reputation. So just know while it does help provide and protect a great amount of freedom, for the most part it is within reason. Not something which terrorists and paedophiles are welcomed to use, they should stick to abusing freenet as they have been doing.

Also there is much to I2P beyond the file-sharing clients that have been ported to it. There is real time chat, email, nntp news, websites, forums and other such common applications. Mostly 100 percent legal uses, which peers most commonly use the network for. So just because someone is running I2P does not mean they are likely using it for illegal or even questionable purposes. How much less likely, well nowhere near as likely as the P2P networks, certainly not anywhere close to as likely as freenet. So it should be legally safe to be a I2P peer at least in most areas of the world that have freedom and democracy. Such as America, Canada, Europe, Australia and Japan. As the network grows larger so will the peers safety.

Safety aside, as long as I2P's version is below 1.0 just know that there are bound to be things like bugs and a general lack of documentation, harder to configure and use, though that does not mean you cannot or should not use it. Just that it is still under heavy development and not to demand too much from it and it's developers just yet. If you are bright and willing to spend the time and effort in installing and configuring I2P and its clients, beyond that on a day to day basis it is very little if any time and effort to maintain and use. It is not yet something for the clueless unlike Kazaa and P2P clients are.

It is important to note, like everything which is on the internet, not all information found on a website is certain to be completely accurate and unbiased. For example slyck's forums have many posts which can be misleading, total lies and certainly biased towards P2P. You are advised against just taking much of what is on such forums as the complete truth.

The FutureNo matter what the future may hold for file-sharing, such as new software and other technology. There is bound to be worse problems with shared content and bad peers, ligitious groups like the RIAA and MPAA, more file-sharers being sued and more. Sure there are safe options available now, which all file-sharers are highly recommended to use instead of the older unsafe options. You can be safe now if you take the time and put in the effort to be. Your own safety is your sole responsibility, you can ignore this FAQ's advice and continue to use unsafe file-sharing clients and networking, it is your choice to stay vulnerable or not.

The future of file-sharing is being built now, the software and networks which will become mainstream for the next five or more years are just being setup and adopted. The older type software and networks are already played out and degrading, even if they continue to grow with more new clueless users.

You do not have to join the ranks of the clueless, such as people who use Kazaa and other such vulnerable P2P. You can choose to show leadership and concern for other file-sharers well being, by adopting the safe software and networks now.

Also visit the File Sharing FAQ at DSL Reports. Download the above inaccurate information in a badly written FSFAQ as a PDF file.